syzbot


KCSAN: data-race in tipc_group_proto_rcv / tipc_poll

Status: auto-obsoleted due to no activity on 2025/09/12 21:45
Subsystems: tipc
First crash: 179d, last: 179d

Sample crash report:
==================================================================
BUG: KCSAN: data-race in tipc_group_proto_rcv / tipc_poll

write to 0xffff88810af63ff8 of 1 bytes by task 18229 on cpu 1:
 tipc_group_open net/tipc/group.c:111 [inline]
 tipc_group_proto_rcv+0x8c7/0xd10 net/tipc/group.c:-1
 tipc_sk_proto_rcv+0x140/0xb00 net/tipc/socket.c:2167
 tipc_sk_filter_rcv+0x1812/0x1930 net/tipc/socket.c:2350
 tipc_sk_enqueue net/tipc/socket.c:2443 [inline]
 tipc_sk_rcv+0x4dc/0x1850 net/tipc/socket.c:2495
 tipc_node_xmit+0x18b/0x890 net/tipc/node.c:1701
 tipc_node_xmit_skb net/tipc/node.c:1766 [inline]
 tipc_node_distr_xmit+0x1a5/0x200 net/tipc/node.c:1781
 tipc_sk_rcv+0xd53/0x1850 net/tipc/socket.c:2499
 tipc_node_xmit+0x18b/0x890 net/tipc/node.c:1701
 tipc_node_xmit_skb net/tipc/node.c:1766 [inline]
 tipc_node_distr_xmit+0x1a5/0x200 net/tipc/node.c:1781
 tipc_sk_rcv+0xd53/0x1850 net/tipc/socket.c:2499
 tipc_topsrv_kern_evt net/tipc/topsrv.c:630 [inline]
 tipc_conn_send_to_sock net/tipc/topsrv.c:286 [inline]
 tipc_conn_send_work+0x3a8/0x530 net/tipc/topsrv.c:306
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4cb/0x9d0 kernel/workqueue.c:3321
 worker_thread+0x582/0x770 kernel/workqueue.c:3402
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read to 0xffff88810af63ff8 of 1 bytes by task 29350 on cpu 0:
 tipc_poll+0x12a/0x350 net/tipc/socket.c:815
 sock_poll+0x218/0x240 net/socket.c:1379
 vfs_poll include/linux/poll.h:82 [inline]
 __io_arm_poll_handler+0x1ee/0xb70 io_uring/poll.c:583
 io_arm_poll_handler+0x427/0x590 io_uring/poll.c:708
 io_queue_async+0x60/0x3a0 io_uring/io_uring.c:1949
 io_queue_sqe io_uring/io_uring.c:1975 [inline]
 io_submit_sqe io_uring/io_uring.c:2224 [inline]
 io_submit_sqes+0xa25/0xfd0 io_uring/io_uring.c:2337
 __do_sys_io_uring_enter io_uring/io_uring.c:3404 [inline]
 __se_sys_io_uring_enter+0x1c1/0x1b70 io_uring/io_uring.c:3338
 __x64_sys_io_uring_enter+0x78/0x90 io_uring/io_uring.c:3338
 x64_sys_call+0x28c8/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:427
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00 -> 0x01

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 29350 Comm: syz.3.24263 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
==================================================================

Crashes (1):
Time: 2025/07/18 21:34
Kernel: upstream
Commit: d786aba32000
Syzkaller: 7117feec
Config: .config
Log: console log
Report: report
Syz repro: none
C repro: none
VM info: info
Assets: [disk image] [vmlinux] [kernel image]
Manager: ci2-upstream-kcsan-gce
Title: KCSAN: data-race in tipc_group_proto_rcv / tipc_poll